We have ten servers in two groups, and there is a lot of traffic between those groups - too much, we think. We know this because of stats from our provider, but don't know how this traffic is built up, or which servers cause it. There is no cluster or failover or anything - each server stands on its own.

I would like to know which server(s) cause this traffic, but don't know how I can monitor this. What program or service can do this? Preferably it could monitor all local network traffic in the 10.x.x.x IP range.

3 Answers

I use a piece of software called IPTraf for quick monitoring of network connections.
It runs in the terminal and can give you various stats on the current connection status of the machine it's installed on.

You can also get a breakdown based on the services used (or ports), which can be useful if your server only serves a particular function.

Downside is that you need to install it on each host.
I'm no network expert, but if you need to get a wider view of all traffic going between your sites, you would be better off checking at the switch/router level with appropriate software.

Wireshark is a must-try, as SHW suggested in his comment. It is a networking tool that shows any connections coming in or going out of your network. You can apply a filter to limit your search to the IP address range of your servers, and even track down what protocol is being used (so that you can figure out what is going on). It has a lot more tools that will likely help you in the future if you run into similar problems.
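
Once a capture has been limited to the servers' address range as the answers above describe, summing bytes per server pair shows which hosts send the most across the two groups. The script below is an added example, not part of the original answers; it assumes text lines in the style of `tcpdump -nn -q` output, and the subnets, addresses and sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: each server group has its own subnet (addresses are constructed).
GROUPS = {"A": ipaddress.ip_network("10.1.0.0/16"),
          "B": ipaddress.ip_network("10.2.0.0/16")}

# IPv4 TCP/UDP lines in the style of `tcpdump -nn -q` output.
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
                  r"(?:tcp (\d+)|UDP, length (\d+))")

# Constructed sample capture, embedded so the script runs offline.
SAMPLE = """\
12:00:01.000001 IP 10.1.0.11.873 > 10.2.0.21.51000: tcp 1448
12:00:01.000105 IP 10.1.0.11.873 > 10.2.0.21.51000: tcp 1448
12:00:01.000200 IP 10.2.0.21.51000 > 10.1.0.11.873: tcp 0
12:00:01.100000 IP 10.1.0.12.40000 > 10.1.0.13.22: tcp 96
12:00:01.200000 IP 10.2.0.22.53 > 10.1.0.12.33000: UDP, length 120
12:00:01.300000 ARP, Request who-has 10.1.0.1 tell 10.1.0.11, length 28
""".splitlines()

def group_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in GROUPS.items() if addr in net), None)

def cross_group_bytes(lines):
    """Sum payload bytes per (src, dst, proto, port) for flows that cross groups."""
    totals = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, ICMP and anything else the pattern does not cover
        src, sport, dst, dport, tcp_len, udp_len = m.groups()
        gs, gd = group_of(src), group_of(dst)
        if gs is None or gd is None or gs == gd:
            continue  # traffic inside one group or outside both
        proto = "tcp" if tcp_len is not None else "udp"
        port = min(int(sport), int(dport))  # heuristic: lower port is the service
        totals[(src, dst, proto, port)] += int(tcp_len or udp_len)
    return totals

def top_senders(totals):
    """Rank source servers by bytes sent to the other group."""
    per_host = Counter()
    for (src, _dst, _proto, _port), nbytes in totals.items():
        per_host[src] += nbytes
    return per_host.most_common()
```

The per-flow totals also carry the protocol and the likely service port, which narrows down what kind of job on the top sender is generating the traffic.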